REMARKS/ARGUMENTS 



Remarks Concerning Amendments to Claims 

Claims 1 and 21 are amended. The added claim language is supported by paragraphs 0063 and 
0088 of the specification. 

Response to Objections to the Specification 

Regarding the specification, the Office objected to a minor informality in paragraph 0094. In 
particular, the Office stated that "Multicast Flood Meter 603" should be corrected to read 
"Multicast Flood Meter 604" as indicated in Figure 6. 

Applicant's prior Response, filed on 7/2/07, amended paragraph 0094 of the Specification to 
correct the above-mentioned informality. Paragraph 0094 begins on page 18, line 29, and ends 
on page 19. The amendment contained two changes to the paragraph, the second of which 
changed "Multicast Flood Meter 603" to read "Multicast Flood Meter 604". Thus, the 
specification has already been amended to address the objection, and the Applicant requests that 
the objection be withdrawn. (Applicant acknowledges, however, that remarks made in 
Applicant's prior Response incorrectly referred to the above correction as occurring on page 20, 
when in fact the change effected by the amendment took place on page 19. Applicant apologizes 
for confusion resulting from this unintentional typographical mistake in the remarks.) 

Response to Claim Rejections — 35 USC § 103 

Claims 1-3, 8-10 and 21 were rejected under 35 USC 103(a) as being unpatentable over US 
Patent Application Publication 2002/0032871 (hereinafter "Malan") in view of US Patent 
Application Publications 2002/01011819 (hereinafter "Goldstone"). 

Applicant responds by amending the claims and demonstrating how the amended claims are 
clearly distinct and patentable over Malan in combination with Goldstone. In contrast with 
Malan' s access control list (ACL), the claimed invention uses a table of legitimate IP addresses 
containing IP addresses which have established valid TCP connections. Thus, the IP addresses 
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have the property of being based upon the established TCP connections with the device. 
Moreover, in further contrast with Malan, the claimed invention involves adding an IP address to 
the table of legitimate IP addresses when the TCP state transitions to "established" for the first 
time. In other words, the table of IP addresses changes when the TCP state transitions. 

None of the prior art references, alone or in combination with each other, teaches these unique 
claimed features. In the Office Action, paragraphs 0079, 0073 and 0065 of Malan were cited as 
teaching the claimed table of legitimate IP addresses. However, in paragraph 0079 Malan merely 
mentions the use of an access control list (ACL) as a filter mechanism, but does not teach that 
the ACL contains IP addresses which have established valid TCP connections, or adding an IP 
address to the ACL when the TCP state transitions. Cited paragraph 0073 of Malan relates to the 
processing of alert messages; it does not relate to an ACL and does not teach that the ACL 
contains IP addresses which have established valid TCP connections, or that an IP address is 
added to the ACL when the TCP state transitions. Cited paragraph 0065 of Malan describes 
components of a collector; it does not discuss an ACL and does not teach the use of an ACL 
containing IP addresses which have established valid TCP connections, or that an IP address is 
added to the ACL when the TCP state transitions. Moreover, no other portion of Malan teaches 
these claimed limitations. 

As for Goldstone, techniques are taught therein for DOS attack mitigation by detecting a DOS 
attack and alerting multiple routers of the address of the attack. However, Goldstone does not 
teach the specific claimed feature of maintaining a list of legitimate IP addresses that contains IP 
addresses which have established valid TCP connections, or the specific claimed feature of 
adding an IP address to the list when the TCP state transitions. Goldstone, therefore, does not 
teach the claimed limitations. 

Therefore, the cited references do not fairly teach or suggest the specific claimed features of the 
claims as amended. Moreover, as described in the specification, these features contribute to 
advantageous abilities to protect networks against unwanted attacks. Thus, the claims as 
amended are submitted to be patentable over the references of record. 
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In addition, Applicant respectfully disagrees with certain aspects of the recent Action upon 
which the rejections were based. For example, regarding the claimed limitation of classifying the 
received packets according to network layer 2, 3, 4 classification, the Action cites paragraph 
0067 of Malan and alleges that, to one of ordinary skill in the art, the collector of Malan will 
collect routing information of packets "such as what layers the data packet must take in order to 
get to its destination." This argument, however, merely establishes that it is known in the art for 
packet routers to process various network layers for routing purposes. This argument does not 
support the allegation that Malan combined with knowledge of one of ordinary skill in the art 
teaches or suggests the specific claimed feature of classifying packets according to network layer 
2, 3, 4 classification. Routing does not necessarily or inherently involve packet classification, nor 
does it specifically involve classification by network layers 2, 3, 4. This claimed feature, 
therefore, is not taught in the prior art. Moreover, this specific technique of classification 
contributes to advantages over prior methods of mitigating network attacks. 

In view of the above, Applicant respectfully requests that a timely Notice of Allowance be issued 
in this case. 

Respectfully submitted, 
/Thomas J. McFarlane/ 

Thomas J. McFarlane, Reg. No 39,299 
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